Added two tests for Verifier, covering Tofu success cases.
TODO: implement failing tests and check that the proper errors are returned.
This commit is contained in:
Nathan Fisher
parent
6e5ba46c26
commit
799ff9ef17
2 changed files with 35 additions and 3 deletions
|
|
@ -13,7 +13,21 @@ use {
|
|||
|
||||
#[derive(Debug)]
|
||||
/// A verifier is used to verify certificates sent by the receiving server
|
||||
/// during the tls handshake.
|
||||
/// during the tls handshake. For convenience the [CertificateStore] trait
|
||||
/// is implemented for [std::collections::HashMap<String, String>] and
|
||||
/// [std::collections::BTreeMap<String, String>], so a Verifier can easily
|
||||
/// be constructed from those types.
|
||||
///
|
||||
/// This type is passed to [rustls::client::DangerousClientConfig::set_certificate_verifier]
|
||||
/// in order to allow Tofu certificate validation.
|
||||
/// # Examples
|
||||
/// Create a Verifier from a HashMap
|
||||
/// ```
|
||||
/// use std::collections::HashMap;
|
||||
/// use dory::prelude::{CertificateStore, Verifier};
|
||||
///
|
||||
/// let verifier: Verifier<HashMap<String, String>> = HashMap::new().into();
|
||||
/// ```
|
||||
pub struct Verifier<S: CertificateStore> {
|
||||
/// An item which serves as storage for certificates
|
||||
pub store: Arc<Mutex<S>>,
|
||||
|
|
@ -86,6 +100,8 @@ mod tests {
|
|||
use super::*;
|
||||
|
||||
const CERT: &[u8] = include_bytes!("../../test/certificates/gemini.example.org/cert.der");
|
||||
const FP: &'static str =
|
||||
include_str!("../../test/certificates/gemini.example.org/fingerprint.txt");
|
||||
|
||||
#[test]
|
||||
fn tofu() {
|
||||
|
|
@ -93,7 +109,22 @@ mod tests {
|
|||
let cert = rustls::Certificate(CERT.into());
|
||||
let name = rustls::ServerName::try_from("gemini.example.org").unwrap();
|
||||
let now = time::SystemTime::now();
|
||||
let mut scts: Vec<&[u8]> = vec![];
|
||||
let res = verifier.verify_server_cert(&cert, &[], &name, &mut scts.iter(), &[], now);
|
||||
let scts: Vec<&[u8]> = vec![];
|
||||
let res =
|
||||
verifier.verify_server_cert(&cert, &[], &name, &mut scts.iter().copied(), &[], now);
|
||||
assert!(res.is_ok());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn verify_previously_trusted() {
|
||||
let verifier: Verifier<HashMap<String, String>> =
|
||||
HashMap::from([("gemini.example.org".to_string(), FP.to_string())]).into();
|
||||
let cert = rustls::Certificate(CERT.into());
|
||||
let name = rustls::ServerName::try_from("gemini.example.org").unwrap();
|
||||
let now = time::SystemTime::now();
|
||||
let scts: Vec<&[u8]> = vec![];
|
||||
let res =
|
||||
verifier.verify_server_cert(&cert, &[], &name, &mut scts.iter().copied(), &[], now);
|
||||
assert!(res.is_ok());
|
||||
}
|
||||
}
|
||||
|
|
|
|||
1
test/certificates/gemini.example.org/fingerprint.txt
Normal file
1
test/certificates/gemini.example.org/fingerprint.txt
Normal file
|
|
@ -0,0 +1 @@
|
|||
018a3210fe625b380e2021c1c3a5a6b0092f105e9350b62b72b97b73206fee69
|
||||
Loading…
Add table
Reference in a new issue